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Detailed Action 

Claims 1-12, 15-36,38-41 are pending. Claims 13, 14, 37 have been cancelled. 
Claims 39-41 are newly added claims. This is a response to the Amendment/Remarks 
filed on 10/22/09. This action is made FINAL. 
Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as 
set forth in section 102 of this title, if the differences between the subject matter sought to be 
patented and the prior art are such that the subject matter as a whole would have been obvious 
at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the invention 
was made. 

Claims 1-12,15-35,38 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over US Patent 6,766,165 issued to Sharma et al.(Sharma) in view of US Patent 
6,920,494 Issued to Heitman et al(Heitman) in further view of US Patent 7,158,484 
issued to Ahmed et al. (Ahmed) in further view of US Publication 2003/0061506 issued 
to Cooper et al. (Cooper) in further view of US Patent 5,636,344 issued to Lewis. 

As per claim 1 , Sharma teaches a method for mapping the topology of a 
wireless network(Fig.l), the method comprising the steps of: 

(b) identifying a relationship (1) between at least one of the wireless access 
points and at least one of the wireless network nodes(Fig.1-5, col.4, lines 45-55 ) or (2) 
between any two wireless network nodes based on the received scan data, a 
characteristic of at least one of the wireless access points, a characteristic of at least 
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one of the wireless network nodes or combinations thereof(Fig.1-5, col.4, lines 45-55); 
and (c) storing the identified relationship, access point characteristic, node 
characteristic or combinations thereof in a system data store as topology data(col.15, 
lines 58- col.6, Iine39); wherein the wireless network comprises a wireless local area 
network(col.5, lines 55-56). 

Sharma however does not explicitly teach receiving scan data 
comprising information collected from frames transmitted on the wireless 
network, wherein the received scan data is received from a wireless sensor 
configured to monitor the wireless network and collect information from frames 
transmitted on the wireless network, wherein the scan data is associated with 
monitoring of one or more network or nodes or combination thereof and wherein 
the relationship is identified responsive to an analysis of the scan data and 
responsive to a relationship between the wireless sensor and a server; 
formatting the stored topology data based upon a desired output format; 
repeating steps (a) through (d) a plurality of times, wherein the system data 
store stores topology data for each repetition, and wherein potential security 
and policy violations are detected responsive to historical topology data. 

Heitman teaches receiving scan data associated with monitoring of one 
or more network or nodes or combination thereof(Abstract); formatting the 
stored topology data based upon a desired output format(Figs.28-34, col. 3, 
lines 33-45). 

Therefore it would have been obvious to one ordinary skill in the art at 
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the time of the invention to modify the teachings of Sharma to include receiving 
scan data associated with monitoring of one or more network or nodes or 
combination thereof as taught by Heitman in order to resolve network 
topology(Heitman, col .2, lines 60-67); the step of repeating steps (a) through (d) 
a plurality of times, wherein the system data store stores topology data for each 
repetition, (Heitman, Figs.28-34). 

One ordinary skill in the art at the time of the invention would have been 
motivated to combine the teachings of Sharma and Heitman in order to provide 
a system to manage policies for networks(Hietman, col .2, lines 3-30). 

Sharma in view of Heitman does not explicitly teach scan data 
comprising information collected from frames transmitted on the wireless 
network, wherein the received scan data is received from a wireless sensor 
configured to monitor the wireless network and collect information from frames 
transmitted on the wireless network and wherein the relationship is identified 
responsive to an analysis of the scan data and responsive to a relationship 
between the wireless sensor and a server. 

Ahmed teaches scan data comprising information collected from frames 
transmitted on the wireless network, wherein the received scan data is received 
from a wireless sensor configured to monitor the wireless network and collect 
information from frames transmitted on the wireless network and wherein the 
relationship is identified responsive to an analysis of the scan data and 
responsive to a relationship between the wireless sensor and a server(Figs.1- 
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1 1 , col.2, lines 35-67,col.8, lines 10-63). 

Therefore it would have been obvious to one ordinary skill in the art at the time of 
the invention to modify the teachings of Sharma in view of Heitman to include scan data 
comprising information collected from frames transmitted on the wireless network, 
wherein the received scan data is received from a wireless sensor configured to monitor 
the wireless network and collect Information from frames transmitted on the wireless 
network and wherein the relationship is identified responsive to an analysis of the scan 
data and responsive to a relationship between the wireless sensor and a server as 
taught by Ahmed in order to topology sensing in wireless communications networks with 
mobile nodes(Ahmed, col.1, lines 5-10). 

One ordinary skill in the art would have been motivated to combine the teachings 
of Sharma, Heitman, and Ahmed in order to topology sensing in wireless 
communications networks with mobile nodes(Ahmed, col.1, lines 5-10). 

Sharma, In view of Heitman in view of Ahmed does not explicitly teach wherein 
potential security and policy violations are detected responsive to historical topology 
data. 

Cooper teaches a network security policy monitoring system where traffic is 
monitored to see whether certain events are allowed by specified policies(Abstract, 
Flgs.1-32,para.0045-0046). 

Therefore it would have been obvious to one ordinary skill in the art at the time of 
the invention to modify the teachings of Sharma in view of Heitman in further view of 
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Ahmed to include detecting wlietlier tliere are potential security and policy violations as 
taught by Cooper in order to improve security of a network(Cooper, para. 0003). 

One ordinary skill in the art would have been motivated to combine the teachings 
of Sharma, Heitman, Ahmed, and Cooper in order to improve security of a 
network(Cooper, para. 0003). 

Sharma in view of Heitman in further view of Ahmed in further view of Cooper 
does not explicitly teach historical topology data. 

Lewis explicitly teaches historical topology data(col.9, lines 3-23). 

Therefore it would have been obvious to one ordinary skill in the art at the time of 
the invention to modify the teachings of Sharma in view of Heitman In further view of 
Ahmed in further view of Coopers to include historical topology data as taught by Lewis 
in order to analyze faults(Lewis, col.1 , lines 5-7). 

One ordinary skill in the art would have been motivated to combine the teachings 
of Sharma, Heitman, Ahmed, Coopers, and Lewis, in order to analyze faults(Lewis, 
col.1, lines 5-7). 

As per claim 2., the method of claim 1 , and further comprising the step of 
initiating one or more scans of wireless transmissions to generate the scan 
data(Heitman, col. 31, lines 40-54). Motivation to combine set forth in claim 1 . 

As per claim 3, the method of claim 2, wherein the step of initiating one or more 
scans comprises initiating a plurality of scans(Heitman, col.39, lines 1-39). Motivation 
to combine set forth in claim 1 . 

As per claim 4, the method of claim 3, wherein each of the plurality of scans is 
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initiated upon a different wireless sensor(Heitman, col.39, lines 1-39). Motivation to 
combine set forth in claim 1 . 

As per claim 5, the method of claim 4, wherein each of the plurality of scans 
occurs simultaneously(Heitman, col.39, lines 1-39). Motivation to combine set forth in 

claim 1. 

As per claim 6, the method of claim 4, and further comprising the step of 
repeating the step of initiating the plurality scans(Heitman, col.39, lines 1-39). 
Motivation to combine set forth in claim 1 . 

As per claim 7, 9, wherein the repetition step occurs over a particular time 
period(Heitman, col.39, lines 1-39). Motivation to combine set forth in claim 1 . 

As per claim 8,10, and further comprising the step of determining the particular 
time period based upon configuration data, network security threat level, current 
network activity, historical network activity or combinations thereon(Heitman, col.38, 
lines64-col.39, lines 55 ). Motivation to combine set forth in claim 1 . 

As per claim 1 1 , the method of claim 2, and further comprising the step of 
receiving a mapping request from a user or a computer and wherein the scan initiation 
step is responsive to the received mapping request(Sharma, col. 12, lines 40-59). 

As per claim 12, the method of claim 2, wherein the one or more initiated 
scans are initiated continuously or at periodic intervals(Heitman, col.38, Iines64- 
col.39, lines 55 ). Motivation to combine set forth in claim 1 . 

As per claim 15, the method of claim 13, and further comprising the step of (e) 
storing the formatted topology data in a data store accessible by a server 
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system(Sharnna, col.7, lines 15-31). 

As per claim 16, the method of claim 15, wherein the server system is an 
HTTP server, a WAIS server, a gopher server, or an FTP server(Sharma, col.7, 
lines 15-31). 

As per claim 17, the method of claim 13, wherein the desired output format is 
TIFF, GIF, JPEG, HTML, SMS, MIME, S/MIME, ZIP, SML, SGML, WAP, BMP or 
combinations thereof(Heitman, Figs.28-34). 

As per claim 18, the method of claim 13, and further comprising the step of 
receiving a mapping request and wherein the formatting step is responsive to the 
received mapping request(Sharma, Figs. 1-5, col. 12, lines 40-59). 

As per claim 19, the method of claim 18, wherein the mapping request is 
received from a user or a computer system(Sharma, Figs. 1-5, col. 12, lines 40-59). 

As per claim 20, the method of claim 13, and further comprising detecting a 
mapping trigger event based upon the received scan data and wherein the formatting 
step is responsive to the detected trigger event (Sharma, Figs. 1-5, col. 12, lines 40-59, 
Heitman, col.2, lines 3-30). Motivation to combine set forth in claim 1 . 

As per claim 21 , the method of claim 20, wherein the trigger event is a usage 
volume anomaly, a connectivity pattern anomaly, a policy violation, a security violation 
or combinations thereof(Sharma, Figs. 1-5, col. 12, lines 40-59, Heitman, col.2, lines 3- 
30). Motivation to combine set forth in claim 1 . 

As per claim 22, the method of claim 1 , and further comprising the step of 
(d) transmitting the stored topology data to a desired output device(Heitman, 
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Figs. 28-34). Motivation to combine set forth in claim 1 . 

As per claim 23, the method of claim 22, and further comprising the step of 
repeating steps (a) through (d) a plurality of times(Sharma, col.4, lines 15-67, 
Heitman, Abstract). Motivation to combine set forth in claim 1 . 

As per claim 24, the method of claim 22, and further comprising the steps of 
(e) determining a desired output format and (f) formatting the stored topology data 
based upon the desired output format prior to transmission(Sharma, col.4, lines 15- 
67, Heitman, Abstract). Motivation to combine set forth in claim 1 . 

As per claim 25, the method of claim 24, wherein the step of determining the 
desired output format comprises the step of determining the desired output format 
based upon configuration data, the desired output device, a mapping request or 
combinations thereo(Sharma, col.4, lines 15-67, Heitman, Figs.28-34, Abstract). 
Motivation to combine set forth in claim 1 . 

As per claim 26, the method of claim 22, and further comprising the step of (e) 
determining the desired output device(Heitman, Figs.28-34, Abstract). Motivation to 
combine set forth in claim 1 . 

As per claim 27, the method of claim 26, wherein step (e) comprises the step 
of determining the desired output device based upon configuration data, a mapping 
request or combinations thereof(Sharma, col.4, lines 15-67). 

As per claim 28, the method of claim 22, wherein the desired output device is a 
monitor, a printer, a further processing system, a pager, a telephone, a personal data 
assistant (PDA), an email account or a combination thereof (Heitman, Figs.28-34, 
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Abstract). Motivation to combine set forth in claim 1 . 

As per claim 29, Sharma in view of Heitman in further view of Ahmed teaches 
teaches the method of claim 22, wherein the desired output device is capable of 
rendering graphical output and further comprising the step of (e) formatting the topology 
data in a manner to graphically represent characteristics or relationships prior to 
transmission; graphically represented characteristics or relationships comprise whether 
a wireless access point of the one or more wireless points is authorized, unauthorized, 
or ignored and whether a wireless network node of the one or more wireless network 
nodes is authorized, unauthorized, unassociated, an adhoc station, or ignored. 
(Heitman, Figs.28-34, Abstract, Cooper,Abstract, Figs.1-32,para.0045-0046s, Figs.1- 
5,9,18-34). Motivation to combine set forth in claim 1 . 

As per claim 30, the method of claim 29, wherein the desired output device is 
capable of rendering color output and wherein the formatting step (e) comprises the 
step of formatting the topology data in manner using color to represent characteristics or 
relationships prior to transmission(Heitman, Figs.28-34, Abstract). Motivation to 
combine set forth in claim 1 . 

As per claim 31 , the method of claim 22, wherein the desired output device Is 
capable of rendering color output and further comprising the step of (e) formatting the 
topology data In manner using color to represent characteristics or relationships prior 
to transmission(Heitman, Figs.28-34, Abstract). Motivation to combine set forth in 
claim 1. 

As per claim 32, the method of claim 1 , and further comprising the step of 
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identifying a relationsliip between a plurality of the wireless nodes based on the 
received scan data in which no wireless access point is involved(Sharma, col. 12, lines 
40-58). 

As per claim 33, Sharma teaches a system for mapping the topology of a wireless 
network(Fig.l), the system comprising: 

(a) storage means for storing topology data comprising access point 
characteristic data, wireless network node characteristic data, access point to 
node relationship data, node to node relationship data or combinations 
thereof(Fig.1-5, col.4, lines 45-55, col. 15, lines 58- col.6, line 39); (d) analysis 
means for generating topology data by identifying from data received by the 
receiving means a characteristic of a wireless network node, a characteristic of 
an access point, an access point to node relationship, a node to node 
relationship, or combinations thereof and for storing the generated topology data 
in the storage means(Figs.1-5, col. 15, lines 58- col.6, line 39); wired 
connection(Fig.1-5); wherein the wireless network comprises a wireless local 
area network(col.5, lines 55-56). 

Sharma however does not explicitly teach a characteristic of the wireless 
sensor, a point to sensor relationship, a node to sensor relationship; (c) receiving 
means for receiving data from the wireless sensor over one of a wireless or wired 
connection; (b) a wireless sensor for scanning transmissions within a network and 
generating scan data therefrom, wherein the scan data comprises information 
collected from frames transmitted on the wireless network; (e)output means for 
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formatting topology data generated by the analysis means based upon a desired 
output format and for transmitting the formatted topology data to a desired output 
device; and (f) topology comparison means for comparing topology data to prior 
topology data to evaluate potential security and policy violations of the wireless 
network. 

Heitman teaches (e)output means for formatting topology data generated 
by the analysis means based upon a desired output format and for transmitting 
the formatted topology data to a desired output device(Figs.28-34, col.3,lines 
33-45). 

Therefore it would have been obvious to one ordinary skill in the art at 
the time of the invention to modify the teachings of Sharma to (b)monitoring 
means for scanning transmissions within a network and generating scan data 
therefrom; (e)output means for formatting topology data generated by the 
analysis means based upon a desired output format and for transmitting the 
formatted topology data to a desired output device as taught by Heitman in 
order to resolve network topology(Heitman, col.2, lines 60-67). 

One ordinary skill In the art at the time of the Invention would have been 
motivated to combine the teachings of Sharma and Heitman In order to provide a 
system to manage policies for networks(Hietman, col.2, lines 3-30). 

Sharma in view of Heitman does not explicitly teach a characteristic of the 
wireless sensor, a point to sensor relationship, a node to sensor relationship; c) 
receiving means for receiving data from the wireless sensor over one of a wireless; (b) a 
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wireless sensor for scanning transmissions witliin a networl^ and generating scan data 
therefrom, wherein the scan data comprises information collected from frames 
transmitted on the wireless network. 

Ahmed teaches a characteristic of the wireless sensor, a point to sensor 
relationship, a node to sensor relationship(Fig.1-1 1); c) receiving means for receiving 
data from the wireless sensor over one of a wireless(Fig.1-11, col.2, lines 35-67, col. 8, 
lines 10-63); (b) a wireless sensor for scanning transmissions within a network and 
generating scan data therefrom, wherein the scan data comprises information collected 
from frames transmitted on the wireless network(Fig.1-11, col.2, lines 35-67,col.8, lines 
10-63). 

Therefore it would have been obvious to one ordinary skill in the art at the time of 
the invention to modify the teachings of Sharma in view of Heitman to include a 
characteristic of the wireless sensor, a point to sensor relationship, a node to sensor 
relationship; c) receiving means for receiving data from the wireless sensor over one of 
a wireless; (b) a wireless sensor for scanning transmissions within a network and 
generating scan data therefrom, wherein the scan data comprises information collected 
from frames transmitted on the wireless network as taught by Ahmed in order to 
topology sensing in wireless communications networks with mobile nodes(Ahmed, col.1 , 
lines 5-10). 

One ordinary skill in the art would have been motivated to combine the teachings 
of Sharma, Heitman, and Ahmed in order to topology sensing in wireless 
communications networks with mobile nodes(Ahmed, col.1, lines 5-10). 
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Sharma in view of Heitman in further view of Alinned does not explicitly teach f) 
topology comparison means for comparing historical topology data to evaluate potential 
security and policy violations of the wireless network. 

Cooper teaches a network security policy monitoring system where traffic is 
monitored to see whether certain events are allowed by specified policies(Abstract, 
Figs.1-32,para.0045-0046). 

Therefore it would have been obvious to one ordinary skill in the art at the time of 
the invention to modify the teachings of Sharma in view of Heitman in further view of 
Ahmed to include detecting whether there are potential security and policy violations as 
taught by Cooper in order to improve security of a network(Cooper, para.0003). 

One ordinary skill in the art would have been motivated to combine the teachings 
of Sharma, Heitman, Ahmed, and Cooper in order to improve security of a 
network(Cooper, para.0003). 

Sharma in view of Heitman in further view of Ahmed in further view of Cooper 
does not explicitly teach historical topology data. 

Lewis explicitly teaches historical topology data(col.9, lines 3-23). 

Therefore it would have been obvious to one ordinary skill in the art at the time of 
the invention to modify the teachings of Sharma in view of Heitman in further view of 
Ahmed in further view of Coopers to include historical topology data as taught by Lewis 
in order to analyze faults(Lewis, col.1 , lines 5-7). 
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One ordinary sl<ill in tlie art would have been motivated to combine tlie teacliings 
of Sharma, Heitman, Ahmed, Coopers, and Lewis, in order to analyze faults(Lewis, 
col.1, lines 5-7). 

As per claim 34, the system of claim 33, further comprising intrusion detection 
means for detecting a usage volume anomaly, a connectivity pattern anomaly, a policy 
violation, a security violation or combinations thereof, and wherein the output means is 
responsive to a mapping request from a trigger event from the intrusion detection 
means(Sharma, Figs. 1-5, col.1 2, lines 40-59, Heitman, col.2, lines 3-30, Cooper, 
Abstract, Figs. 1-32, para. 0045-0046). Motivation to combine set forth in claim 33. 

As per claim 35, the system of claim 33, further comprising intrusion detection 
means for detecting a usage volume anomaly, a connectivity pattern anomaly, a policy 
violation, a security violation or combinations thereof, and wherein the monitoring 
means is responsive to a mapping request from a trigger event from the intrusion 
detection means(Sharma, Figs. 1-5, col.1 2, lines 40-59, Heitman, col.2, lines 3-30, 
Cooper, Abstract, Figs.1-32,para.0045-0046). Motivation to combine set forth in claim 
33. 

As per claim 38, Sharma teaches one or more computer-readable media 
storing instructions that upon execution by a system processor cause the 
system processor to map the topology of a wireless network by performing at 
least the steps comprising(Abstract) of: (c) identifying a relationship (i) between 
at least one of the wireless access points and at least one of the wireless 
network nodes (Figs. 1-5, col.4, lines 45-55) or (ii) between any two wireless 
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network nodes based on the received scan data, a characteristic of at least one 
of the wireless access points, a characteristic of at least one of the wireless 
network nodes or combinations thereof(Figs.1-5, col.4, lines 45-55), (d) storing 
the identified relationship, access point characteristic, node characteristic or 

combinations thereof as topology data(col.1 5, line 58-col.6, line 39); wherein 
the wireless network comprises a wireless local area network(col.5, lines 55- 
56). 

Sharma does not explicitly teach (a) initiating a scan of one or more wireless 
access points, one or more wireless network nodes or combinations thereof, wherein 
the scan is performed by a wireless sensor configured to monitor the wireless network 
and collect information from frames transmitted on the wireless network; (b) receiving 
scan data comprising information collected from frames transmitted on the wireless 
network, wherein the scan data is associated with monitoring of one or more wireless 
access points, one or more wireless network nodes or combinations thereof; (e) 
formatting topology data generated based upon a desired output format; and (f) 
outputting the formatted topology data to a desired output device; and (g) comparing the 
topology data to prior topology data to evaluate potential security and policy violations of 
the wireless network, wherein the comparing comprises one of a rules-based 
comparison, a pattern match ing-based comparison, and a combination thereof. 

Heitman teaches (b) receiving scan data wherein the scan data is associated 
with monitoring of one or more wireless access points, one or more wireless network 
nodes or combinations thereof(Abstract); (e) formatting topology data generated based 
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upon a desired output format(Figs.28-34, col.3, lines 33-45); and (f) outputting tlie 
formatted topology data to a desired output device(Figs. 28-34, col.3, lines 33-45). 

Therefore it would have been obvious to one ordinary skill in the art at the time of 
the invention to modify the teachings of Sharma to include (b) receiving scan data 
wherein the scan data is associated with monitoring of one or more wireless access 
points, one or more wireless network nodes or combinations thereof; (e) formatting 
topology data generated based upon a desired output format; and (f) outputting the 
formatted topology data to a desired output device as taught by Heitman in order to 
resolve network topology(Heitman, col.2, lines 60-67). 

One ordinary skill in the art at the time of the invention would have been 
motivated to combine the teachings of Sharma and Heitman in order to provide 
a system to manage policies for networks(Hietman, col.2, lines 3-30). 

Sharma in view of Heitman does not explicitly teach wherein the scan is 
performed by a wireless sensor configured to monitor the wireless network and collect 
information from frames transmitted on the wireless network; wherein the relationship is 
identified responsive to an analysis of the scan data and 
responsive to a relationship between the wireless sensor and a server. 

Ahmed teaches wherein the scan is performed by a wireless sensor 
configured to monitor the wireless network and collect information from frames 
transmitted on the wireless network; wherein the relationship is identified 
responsive to an analysis of the scan data and responsive to a relationship 
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between the wireless sensor and a server (Figs. 1-1 1 , coi.2, lines 35-67,col.8, 
lines 10-63). 

Therefore it would have been obvious to one ordinary skill in the art at the time of 
the invention to modify the teachings of Sharma in view of Heitman to include wherein 
the scan is performed by a wireless sensor configured to monitor the wireless network 
and collect Information from frames transmitted on the wireless network; wherein the 
relationship is identified responsive to an analysis of the scan data and responsive to a 
relationship between the wireless sensor and a server as taught by Ahmed in order to 
topology sensing in wireless communications networks with mobile nodes(Ahmed, col.1, 
lines 5-10). 

One ordinary skill in the art would have been motivated to combine the teachings 
of Sharma, Heitman, and Ahmed in order to topology sensing in wireless 
communications networks with mobile nodes(Ahmed, col.1, lines 5-10). 

Sharma In view of Heitman in further view of Ahmed does not explicitly teach (g) 
comparing the topology data to historical topology data to evaluate potential security 
and policy violations of the wireless network. 

Cooper teaches a network security policy monitoring system where traffic is 
monitored to see whether certain events are allowed by specified policies(Abstract, 
Flgs.1-32,para.0045-0046). 

Therefore it would have been obvious to one ordinary skill in the art at the time of 
the invention to modify the teachings of Sharma in view of Heitman in further view of 
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Ahmed to include detecting wlietlier tliere are potential security and policy violations as 
taught by Cooper in order to improve security of a network(Cooper, para. 0003). 

One ordinary skill in the art would have been motivated to combine the teachings 
of Sharma, Heitman, Ahmed, and Cooper in order to improve security of a 
network(Cooper, para. 0003). 

Sharma in view of Heitman in further view of Ahmed in further view of Cooper 
does not explicitly teach historical topology data. 

Lewis explicitly teaches historical topology data(col.9, lines 3-23). 

Therefore it would have been obvious to one ordinary skill in the art at the time of 
the invention to modify the teachings of Sharma in view of Heitman In further view of 
Ahmed in further view of Coopers to include historical topology data as taught by Lewis 
in order to analyze faults(Lewis, col.1 , lines 5-7). 

One ordinary skill in the art would have been motivated to combine the teachings 
of Sharma, Heitman, Ahmed, Coopers, and Lewis, in order to analyze faults(Lewis, 
col.1, lines 5-7). 

Claims 36 are rejected under 35 U.S.C. 103(a) as being unpatentable over US 
Patent 6,766,165 issued to Sharma et al.(Sharma) in view of US Patent 6,920,494 
issued to Heitman et al(Heitman) in further view of US Patent 7,158,484 issued to 
Ahmed et al.(Ahmed) in further view of US Publication 2003/0061506 issued to Cooper 
et al. (Cooper). 

As per claim 36, Sharma teaches a system for mapping the topology of a wireless 
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network(col.12, lines 53-58), tlie system comprising: 

(a) a system data store (SDS) capable of storing topology data comprising 
access point characteristic data, wireless network node characteristic data, access 
point to node relationship data, node to node relationship data or combinations 
thereof(Fig.1-5, col.4, lines 45-55, col. 15, lines 58- col.6, line 39); and 

(b) a system processor comprising one or more processing elements, wherein 
the system processor is in communication with the SDS and wherein the one or more 
processing elements are programmed or adapted(Fig.1-5) at least to: 

(2) receive data and wherein the scan data is associated with monitoring of 
one or more wireless access points, one or more wireless network nodes or 
combinations thereof(col.4,lines 15-33); 

(3) identify a relationship (i) between at least one of the wireless access 
points and at least one of the wireless network nodes or (ii) between any two wireless 
network nodes based on the received scan data, a characteristic of at least one of the 
wireless access points, a characteristic of at least one of the wireless network nodes 
or combinations thereof(Fig.1-5, col.4, lines 45-55); 

store the identified relationship, access point characteristic, node 
characteristic or combinations thereof in the SDS as topology data(Fig.1-5, 
col.4, lines 45-55, col. 12, lines 53-58); wherein the wireless network comprises 
a wireless local area network(col.5, lines 55-56). 

Sharma however does not explicitly (1 )initiate at least one scan of one or more 
access points, one or more network nodes or combinations thereof, wherein the at least 
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on scan is performed by a wireless sensor configured to monitor tlie wireless network 
and collect information from frames transmitted on the wireless network and (5)format 
topology data generated based upon a desired output format and (6) output the 
formatted topology data to a desired output device; wherein the relationship is identified 
responsive to an analysis of the scan data and responsive to a relationship between the 
wireless and a server; (c) a wireless receiver that monitors wireless transmissions, 
wherein the wireless receiver is in communication with the system processor and 
wherein the system process's programming or adaptation to initiate at least on scan 
includes at least programming or adaptation to initiate the scan using the wireless 
receiver and wherein it's programming or adaptation to receive scan data includes at 
least programming or adaptation to receive scan data from the wireless receiver or from 
an interface therewith; (d) an intrusion detection engine configured to detect a usage 
volume, anomaly, a connectivity pattern anomaly, a policy violation, a security violation 
or combinations thereof; wherein an iteration of steps (1) through (6) is initiated 
responsive to the intrusion detection engine detecting a violation. 

Heitman teaches (l)initiate at least one scan of one or more access 
points, one or more network nodes or combinations thereof(Abstract); and 
(5)format topology data generated based upon a desired output format and (6) 
output the formatted topology data to a desired output device(Figs.28-34, 
col.3,lines 33-45). 

Therefore it would have been obvious to one ordinary skill in the art at 
the time of the invention to modify the teachings of Sharma to (1 )initiate at least 
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one scan of one or more access points, one or more networl< nodes or 
combinations thereof; and (5)format topology data generated based upon a 
desired output format and (6) output tine formatted topology data to a desired 
output device as taught by Heitman in order to resolve network 
topology(Heitman, col. 2, lines 60-67). 

One ordinary skill in the art at the time of the invention would have been 
motivated to combine the teachings of Sharma and Heitman in order to provide a 
system to manage policies for networks(Hietman, col.2, lines 3-30). 

Sharma in view of Heitman does not explicitly teach wherein the at least on scan 
is performed by a wireless sensor configured to monitor the wireless network and collect 
information from frames transmitted on the wireless network; wherein the relationship is 
identified responsive to an analysis of the scan data and responsive to a relationship 
between the wireless and a server; (c) a wireless receiver that monitors wireless 
transmissions, wherein the wireless receiver is in communication with the system 
processor and wherein the system process's programming or adaptation to initiate at 
least on scan includes at least programming or adaptation to initiate the scan using the 
wireless receiver and wherein it's programming or adaptation to receive scan data 
includes at least programming or adaptation to receive scan data from the wireless 
receiver or from an interface therewith; (d) an intrusion detection engine configured to 
detect a usage volume, anomaly, a connectivity pattern anomaly, a policy violation, a 
security violation or combinations thereof; wherein an iteration of steps (1 ) through (6) is 
initiated responsive to the intrusion detection engine detecting a violation. 
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Ahmed teaches (c) a wireless receiver that monitors wireless transmissions, 
wherein the wireless receiver is in communication with the system processor and 
wherein the system process's programming or adaptation to initiate at least on scan 
includes at least programming or adaptation to initiate the scan using the wireless 
receiver and wherein it's programming or adaptation to receive scan data includes at 
least programming or adaptation to receive scan data from the wireless receiver or from 
an interface therewith(Abstract); wherein the at least on scan is performed by a wireless 
sensor configured to monitor the wireless network and collect information from frames 
transmitted on the wireless network; wherein the relationship is identified responsive to 
an analysis of the scan data and responsive to a relationship between the wireless and 
a server(Figs.1-11, col.2, lines 35-67,col.8, lines 10-63). 

Therefore it would have been obvious to one ordinary skill in the art at the time of 
the invention to modify the teachings of Sharma in view of Heitman to include wherein 
the at least on scan is performed by a wireless sensor configured to monitor the 
wireless network and collect information from frames transmitted on the wireless 
network; wherein the relationship is identified responsive to an analysis of the scan data 
and responsive to a relationship between the wireless and a server as taught by Ahmed 
in order to topology sensing in wireless communications networks with mobile 
nodes(Ahmed, col.1, lines 5-10). 

One ordinary skill in the art would have been motivated to combine the teachings 
of Sharma, Heitman, and Ahmed in order to topology sensing in wireless 
communications networks with mobile nodes(Ahmed, col.1, lines 5-10). 
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Sharma in view of Heitman in further view of Ahmed does not explicitly teach (d) 
an intrusion detection engine configured to detect a usage volume, anomaly, a 
connectivity pattern anomaly, a policy violation, a security violation or combinations 
thereof; wherein an iteration of steps (1 ) through (6) is initiated responsive to the 
intrusion detection engine detecting a violation. 

Cooper teaches a network security policy monitoring system where traffic is 
monitored to see whether certain events are allowed by specified policies(Abstract, 
Figs.1-32,para.0045-0046). 

Therefore it would have been obvious to one ordinary skill in the art at the time of 
the invention to modify the teachings of Sharma in view of Heitman in further view of 
Ahmed to include detecting whether there are potential security and policy violations as 
taught by Cooper in order to improve security of a network(Cooper, para.0003). 

One ordinary skill in the art would have been motivated to combine the teachings 
of Sharma, Heitman, Ahmed, and Cooper in order to improve security of a 
network(Cooper, para.0003). 

Claims 39-41 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
US Patent 6,766,165 issued to Sharma et al.(Sharma) in view of US Patent 6,920,494 
issued to Heitman et al(Heitman) in further view of US Patent 7,158,484 issued to 
Ahmed et al.(Ahmed) in further view of US Publication 2003/0061506 issued to Cooper 
et al. (Cooper) in further view of US Patent 5,636,344 issued to Lewis in further view of 
US Patent 6,665,269 issued to Schmitz. 
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Sharma in view of Heitman in view of Ahmed in view of Cooper in view of Lewis 
does not explicitly teach as per claim 39, the method of claim 1 , further comprising 
determining, from the scan data, wireless local area network configured properties for 
the at least one of the wireless access points. 

Schmitz teaches determining, from the scan data, wireless local area network 
configured properties for the at least one of the wireless access points(col.4, lines 4-8). 

Therefore it would have been obvious to one ordinary skill in the art at the time of 
the invention to modify the teachings of Sharma in view of Heitman in view of Ahmed in 
view of Cooper in view of Lewis to include determining, from the scan data, wireless 
local area network configured properties for the at least one of the wireless access 
points as taught by Schmitz in order to troubleshoot network failures(Schmitz, col.1 , line 
28-30). 

One ordinary skill in the art would have been motivated to combine the teachings 
of Sharma, Heitman, Ahmed, Cooper, Lewis and Schmitz in order to troubleshoot 
network failures(Schmitz, col.1, line 28-30). 

As per claim 40, the method of claim 39, wherein the wireless local area network 
configured properties comprise any of MAC address, access point name, Extended 
Service Set ID, supported wireless local area network rates, authentication modes, and 
wireless local area network encryption(Scmitz, col.4, lines 4-8). Motivation to combine 
set forth in claim 39. 



Application/Control Number: 10/700,914 Page 26 

Art Unit: 2451 

As per claim 41 the method of claim 1, further comprising determining MAC 
addresses on all stations within the at least one of the wireless access points' Basic 
Service Set(Scmitz,Fig.5, col.7, lines 1-25). Motivation to combine set forth in claim 39. 

Response to Arguments 
Affidavit 1 .131 filed on 9/9/08, was deemed proper to overcome the Williams 
however, the limitations taught by Williams is shown to be taught by US Publication 
2003/0061506 issued to Cooper et al. which has an effective filing date of June 14, 
2001 which is earlier than the effective filing date of the present application of April 21 , 
2003. 

Applicant's arguments filed 10/22/09 have been fully considered but they are not 
persuasive. 

The applicant argues In substance that the prior art, in particular 

a) Sharma does not teach, wireless LAN; 

b) Ahmed does not teach collection of frames on the WLAN; 

c) Ahmed does not teach wireless sensor. 

In reply a); Sharma, col. 25, lines 55-60, explicitly teaches Wireless Ethernet Hub 
for a LAN, and further teaches the interconnection of a network through wireless links, 
therefore teaches a wireless LAN. 

In reply to b); In response to applicant's arguments against the references 
individually, one cannot show nonobviousness by attacking references individually 
where the rejections are based on combinations of references. See In re Keller, 642 
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F.2cl 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2cl 1091, 231 
USPQ 375 (Fed.Cir. 1986). 

Sharma, col.25, lines 55-60, teaches the use of a WLAN, and Ahmed, col.2, lines 
35-67, and col.8, lines 10-63, teaches collection of frames transmitted on a wireless 
network. Therefore, one ordinary skill in the art can use the method of collection of 
frames transmitted on a wireless network and apply it to a specific type of network, in 
this instance, a WLAN. 

In reply to c); Ahmed utilize a wireless base station for sensing, as admitted by 
the applicant on page 12 of the Remarks, in the broadest interpretation, one ordinary 
skill in the art can consider the wireless base station that does sensing as a wireless 
sensor. 

Conclusion 

Examiner's Note: Examiner has cited particular columns and line numbers in the 
references as applied to the claims above for the convenience of the applicant. 
Although the specified citations are representative of the teachings of the art and are 
applied to the specific limitations within the individual claim, other passages and figures 
may apply as well. It is respectfully requested from the applicant in preparing 
responses, to fully consider the references in its entirety as potentially teaching of all or 
part of the claimed invention. 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. See PTO-892. 
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THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Backhean Tiv whose telephone number is (571 ) 272- 
5654. The examiner can normally be reached on M-F 6:30-3:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, John Follansbee can be reached on (571) 272-3964. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

B. T. 

Backhean Tiv 
Examiner, Art Unit 2451 
1/21/10 



/Hassan Phillips/ 

Primary Examiner, Art Unit 2451 



